VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation
Dnsmasq, a popular DNS and DHCP server, is vulnerable to several memory safety and input validation flaws. These vulnerabilities include heap buffer overflows, memory corruption issues, and potential code execution exploits. Attackers can exploit these flaws to compromise the system in various ways. Successful attacks can lead to DNS cache poisoning, causing traffic redirection to malicious sites. Other attacks can trigger denial-of-service conditions, rendering dnsmasq unusable. Information disclosure is also possible, potentially leaking sensitive network details. In certain scenarios, local attackers could even achieve root privilege escalation. The identified vulnerabilities are tracked under various CVE numbers, including CVE-2026-2291 and several others. Dnsmasq version 2.92rel2 has been released to address these issues. This update and vendor patches are key to mitigating the risks. The vulnerabilities were discovered by multiple researchers. Careful application of the patch is essential to maintain network security.